BT's long-held claim that legal advice said its Phorm trials did not breach wiretapping laws came under renewed scrutiny today, as documents revealed the firm approached government experts after it had secretly co-opted 18,000 broadband customers into the advertising targeting system.
Papers obtained from the Home Office under …

true to Phorm

In July I emailed all five MEPs for the Eastern District, receiving replies from two of them. These suggested that I first contact my MP. I had already emailed him in May. In reply, he sent me a copy of a letter from Jacqui Smith from which I quote the second paragraph that may be of interest. 'The Home Office has considered the issue of Targeted Online Advertising in general without specific regard to any particular application. The Home Office came to the conclusion that it might be possible for Targeted Online Advertising services to be lawful under the Regulation of Investigatory Powers Act 2000 (RIPA). It might also be the case that Targeted Online Advertising is delivered in a way that is not considered interception as defined by RIPA. It does rather depend on how those services are offered and how they work. I should point out that we are, of course, unable to provide a definitive statement of the law, which only a court could give.' Unquote. I emailed three of the MEPs with Chris Williams' article from El Reg of 11 August. In the meantime I have received a letter from the office of Viviane Reding stating that any interception would contravene ECHR and that her office is keeping a close eye on HM Government.

Open Season...... the Glorious Twelfth

If it is anything more than just the usual physical locks on doors and vaults and bars over the windows you're testing, then what you will find is that they really are wide open to virtual abuse for they will invariably, at local branch/city branch levels anyway, have no idea about the Virtualised Space in which many who contribute to the Register Knowledge Base.... Work Rest and Play.

In fact, given the Ongoing Exponential Meltdown in their System[s] ...... http://cryptogon.com/?cat=8 .... it would be more probable that there is no security to test and Underground Virtual Forces have taken over Control?

Phorm Cookies

I read something somewhere, perhaps even on el-reg, that provided an overview of how Phorm works. IIRC whenever you browse, Phorm asks your browser for your Phorm cookie, this contains your unique identifier so it can work out your habits from your previous sessions.

So, how about just deleting your cookies? Sure, you won't be "opted-out" whatever that means, but you also won't get ads targeted to your browsing habits, they'll have no data to go on. It's not like googlemail isn't doing something similar when it displays your email. There's no privacy objection there, is there? I'd quite happily sign up to Phorm if they, I dunno, gave me an ISP discount of 50% for opting in, there wouldn't be any privacy brouhaha then would there, you're getting a benefit for signing up.

Everyone has their price, you just have to decide what yours is. I am currently a BT customer, and their service has been reliable enough to keep my custom. There are plenty of technical work-arounds for Phorm (Tor?, VPNs and the like) so I'm not bothered.

@Lewis Chan

From the last publicised version of how Phorm/WebWise was to work, there are two cookies, one was an 'opt-out' cookie, so by deleting it you would be immediately opting yourself back into the targeted ads system. Another cookie was used to store your profiling info but if you delete that it will be replaced by the Phorm/WebWise system next pass through.

The problem that people should focus on is not the ads themselves, it's the 'man-in-the-middle'-like nature of what Phorm/WebWise does. It sits at the ISP, copying your page requests and responses, sifting them for keywords, which are then used to build a persistent profile.

If you choose not to view on-line ads, or be tracked, then you can take steps to block such actions by the likes of Google, etc, (via AdBlock, NoScript, etc) or use an alternative service (such as Scroogle so not even your IP is tracked), but you cannot avoid the snooping by Phorm/WebWise short of sending all of your traffic encrypted as everything goes through Phorm/WebWise kit at the ISP even if you opt-out.

No real detail has been given about how such data passing through their system is analysed, apart from assertions that they will not keep/use numbers over a certain length (that might be credit cards) and that they cannot view HTTPS traffic. They also promise not to keep data for opted-out customers, although initial reports said the data would still be analysed. There has also been inconsistent data given about how the system works, whether data is actually stored before processing, who will have access to the data at what stage, etc.

Phorm is the new name of a primarily Russian-based company formerly known as 121Media who previously produced software branded as spyware, and a rootkit, which they stopped distributing when the CDT in the US raised a formal complaint for deceptive behaviour.

Do you really want a company like that having access to your data, all of your browsing data, whether you opt-out or not?

Do you also want to use an ISP that has lied about using this system in trials, misled the public as to its purpose, and now it seems operated without proper legal advice in the early stages?

@Mark

Follow the money. If Phorm overwrote other people's ads, those other people would detect this, and have something to say about it, and fast.

i.e. it's not something that Phorm could keep secret from people who have a commercial interest in them not doing it.

You are quite right that you and I might not know it was happening, but the overwritten advertisers would.

While I wouldn't put anything past Phorm - or BT for that matter - I do think they are clever enough only to do things they think they can get away with. Not, of course, that they are quite clever enough to know when this will be true....